Call Today! (800) 244-5409


Frequently Asked Questions About International Standards Organization (ISO)

General Questions:

Standard Specific Questions:What waste lists are specified in the R2:2013?

ISMS, ISO 27000, ISO 27002, and ISO 17799 Demystified

ISO/TS 16949 ISO/TS 16949:2009 for automotive Products

Questions and Guidelines for Selecting Your ISO 90001 Consultant:

What Is ISO?

ISO 9000 was first published in 1987. It was based on the BS 5750 series of standards from The British Standards Institute (BSI) that were proposed to ISO in 1979. However, its history can be traced back some twenty years before that, to the publication of the United States Department of Defense MIL-Q-9858 standard in 1959. MIL-Q-9858 was revised into the NATO AQAP series of standards in 1969, which in turn were revised into the BS 5179 series of guidance standards published in 1974, and finally revised into the BS 5750 series of requirements standards in 1979 before being submitted to ISO. BSI has been certifying organizations for their quality management systems since 1978.

What is ISO 9000?

The ISO 9000 family of standards apples to quality management systems (QMS) and is designed provide guidelines for organizations to help ensure that they meet the needs of customers and other stakeholders as well as meeting statutory and regulatory requirements related to  products and services. The standards are published by ISO, the International Organization for Standardization, and available through accredited National Standards bodies.

ISO 9000 deals with the fundamentals of quality management systems and specifies the requirements that organizations wishing to meet the standard must fulfill.

Third party certification bodies provide independent confirmation that organizations meet the requirements of ISO 9001. Over a million organizations worldwide are independently certified, making ISO 9001 one of the most widely used management tools in the world today.

Who Uses It?

The growth in ISO 9001 certification is shown in the table below. The worldwide total of ISO 9001 certificates can be found in the ISO Survey of 9001 in 20032007201420092010 and ISO 9001 Executive Summary 2012

Worldwide total of ISO 9001 – Quality Management Systems – Requirements certificates
Dec 2000 Dec 2001 Dec 2002 Dec 2003 Dec 2004 Dec 2005 Dec 2006 Dec 2007 Dec 2008 Dec 2009 Dec 2010 Dec 2011
457,834 510,349 561,767 497,919 660,132 773,867 896,929 951,486 982,832 1,064,785 1,118,510 1,111,698

In recent years there has been a rapid growth in China, which now accounts for approximately a quarter of the global certifications.

Why is ISO 9001 Certification Desirable?

The global adoption of ISO 9001 may be attributable to a number of factors. A number of major purchasers require their suppliers to hold ISO 9001 certification as a condition of doing business. In addition to several stakeholders’ benefits, a number of studies have identified significant financial benefits for organizations certified to ISO 9001, with a 2011 survey from the British Assessment Bureau showing 44% of their certified clients had won new business.  Studies show that certified organizations achieve superior return on assets compared to similar organizations without certification.

The mechanisms for improving results include operational improvements such as cycle time improvements, inventory reductions, defect reduction and improvements in overall quality. Internal process improvements in organizations lead to externally observable improvements. The benefit of increased international trade and domestic market share, in addition to the internal benefits such as customer satisfaction, interdepartmental communications, work processes, and customer/supplier partnerships derived, far exceeds any and all initial investment.

What Does the ISO 9000 Standard Include?

The ISO 9000 Series is a set of international standards for quality management and quality assurance. The standards were developed to help companies effectively document the elements they need to maintain an efficient quality system. They are not specific to any one industry. The standards documents include:

      • Quality Management System requirements
      • Management responsibilities>
      • Resource management
      • Product realization
      • Measurement, analysis and improvement

Is the ISO 9000 Standard Static or Evolving?

The ISO 9000 standard is continually being revised by standing technical committees and advisory groups, who receive feedback from those professionals who are implementing the standard. Versions were published in 1987, 1994, 2000, 2008, and a revision will be issued later in 2015. Each version focuses on a topical area 1987 was the three ‘models’ for quality management systems; 1994 emphasized quality assurance via preventive actions; 2000 sought to make a radical change in thinking by actually placing the concept of process management front and center; 2008 introduced clarifications to the existing requirements;

When will the next revision of the ISO9001 Standard be completed?

A new version of the standard will be published in September 2015, if the ISO members vote favorably in March 2015.

How Does a Company Achieve Certification?

ISO does not certify organizations itself. Numerous certification bodies exist, which audit organizations and, upon success, issue ISO 9001 compliance certificates. Although commonly referred to as ‘ISO 9000′ certification, the actual standard to which an organization’s quality management system can be certified is ISO 9001:2008. Many countries have formed accreditation bodies to authorize (“accredit”) the certification bodies. Both the accreditation bodies and the certification bodies charge fees for their services. The various accreditation bodies have mutual agreements with each other to ensure that certificates issued by one of the Accredited Certification Bodies (CB) are accepted worldwide. Certification bodies themselves operate under another quality standard, ISO/IEC 17021 while accreditation bodies operate under ISO/IEC 17011.

An organization applying for ISO 9001 certification is audited based on an extensive sample of its sites, functions, products, services and processes. Upon completion, the auditor presents a list of problems (defined as “nonconformities”, “observations” or “opportunities for improvement”) to management. If there are no major nonconformities, the certification body will issue a certificate. Where major nonconformities are identified, the organization will present an improvement plan to the certification body (e.g. corrective action reports showing how the problems will be resolved); once the certification body is satisfied that the organization has carried out sufficient corrective action, it will issue a certificate. The certificate is limited by a certain scope (e.g. production of integrated circuits) and will display the addresses to which the certificate refers.

An ISO 9001 certificate is not a once-and-for-all award, but must be renewed at regular intervals recommended by the certification body, usually once every three years. There are no grades of competence within ISO 9001: either a company is certified (meaning that it is committed to the method and model of quality management described in the standard) or it is not.

Are Certified Organizations Audited?

Two types of auditing are required to become registered to the standard: auditing by an external certification body (external audit) and audits by internal staff trained for this process (internal audits). The aim is a continual process of review and assessment to verify that the system is working as it is supposed to; to find out where it can improve; and to correct or prevent problems identified. It is considered healthier for internal auditors to audit outside their usual management line, so as to bring a degree of independence to their judgments.

Are There Specific Standards for Different Industries?

The ISO 9001 standard is generalized and abstract; its parts must be carefully interpreted to make sense within a particular organization.   Over time, various industry sectors have moved to standardize their interpretations of the guidelines within their own marketplace. This is partly to ensure that their versions of ISO 9000 have their specific requirements, but also to try and ensure that more appropriately trained and experienced auditors are sent to assess them.

      •  AS9000 is the Aerospace Quality System Standard, an interpretation developed by major aerospace manufacturers. The current version is AS9100C.
      •  QS 9000 is an interpretation agreed upon by major automotive manufacturers (GM, Ford, and Chrysler). It includes techniques such as FMEA (Failure Mode Effects and Analysis) and APQP (Advance Product Quality Planning). QS 9000 is now replaced by ISO/TS 16949.
      •  ISO/TS 16949:2009 is an interpretation agreed upon by major automotive manufacturers (American and European manufacturers); the latest version is based on ISO 9001:2008.
      •  TL 9000 is the Telecom Quality Management and Measurement System Standard.
      •  ISO 13485:2003 is the medical industry’s equivalent of ISO 9001:2008.
      •  ISO/IEC 90003:2004 provides guidelines for the application of ISO 9001:2000 to computer software.
      •  ISO/TS 29001 is quality management system requirements for the design, development, production, installation, and service of products for the petroleum, petrochemical, and natural gas industries. It is equivalent to API Spec Q1 without the Monogram annex
      •  ISO 14001 is the Environmental Management System equivalent

Is There a Glossary of Terms Available?

Yes, it can be found on the ISO website – ISO Standards Glossary

What Waste Lists are specified in the R2:2013?
In anticipation of the “Basel Ban Amendment,” the parties in 1998 adopted two new annexes (waste lists) to the Convention. The new waste lists were specifically adopted to provide governments (particularly developing countries with limited technical resources) with a practical mechanism for identifying wastes that are likely to qualify as hazardous and those that are presumptively non- hazardous).

Annex VIII (presumptively hazardous e-waste) including circuit boards, are listed in Annex IX (presumptively non-hazardous) providing governments with some flexibility in determining the universe of e-waste that should be regarded as hazardous.

Specifically, Annex VIII provides that batteries made with lead, cadmium or mercury, mercury switches, CRTs and other activated glass and PCB capacitors should qualify as hazardous wastes.

Electronic equipment or scrap listed in Annex VIII (presumptively hazardous) may be managed as non-hazardous waste if it can be shown that the waste does not exhibit any Annex III hazardous characteristics.

Annex IX is presumptively non-hazardous e-waste but may nonetheless qualify as hazardous if the wastes exhibit hazardous characteristics.

What are the R2:2013 Focus materials?
The R2:2013 standard requires recyclers to document any movement of used and end-of- life equipment that is likely to qualify as a Focus Material or hazardous waste. The R2:2013 Standard identifies as Focus Materials any end-of-life electronic equipment and/or electronic assemblies that contain hazardous materials:

A. Polychlorinated biphenyls (PCBs)
B. Mercury
C. CRT glass (with some exceptions)
D. Batteries
E. Whole or shredded circuit boards containing lead solder

What Are RIOS and EHSMS and How Do they Inter-Relate?
R2:2013 requires that electronics recyclers possess and use an Environmental, Health and Safety Management System (EHSMS). The Institute of Scrap Recycling Industries (“ISRI”) responded by developing the Recycling Industry Operating Standards (“RIOS”), which incorporates the industry-relevant EHSMS elements found in the ISO 9001 (quality), ISO 14001 (environment) and OHSAS 18001 (health and safety) standards, and eliminates any duplication. Read More….

Does R2:2013 include sufficient worker health and safety protections?
It does. R2:2013 mandates that electronics recyclers deploy and utilize an Environmental, Health and Safety Management System (“EHSMS”) and that the management system be certified to an accredited management system standard.

Does R2:2013 address the management of used equipment destined for reuse?
R2:2013 exceeds requirements of the Basel Convention by mandating new documentation and assurance measures related to the management of equipment destined for reuse and resale.

Are the R2:2013 export requirements consistent with the Basel Convention’s controls on the movement of hazardous wastes?
Yes, they are. It is also important to note that the Basel Convention has been ratified by 180 countries and requires parties to control and in some instances prohibit transboundary movements of hazardous waste, including certain types of e-waste that qualify as “hazardous wastes” under the Convention.

The Convention has recognized e-waste as a “priority waste stream” and have taken several steps to clarify the extent to which the Convention applies to certain shipments of end-of-life equipment destined for materials recovery and final disposal.

Finally, during the past decade, the implementation of the EU RoHS Directive and similar national legislation restricting the use of certain hazardous substances in electronics in Asia and North America has reduced or eliminated the use of lead, cadmium, mercury and other targeted substances of concern in electronic products.

How can R2:2013 help recyclers handle hazardous wastes throughout the supply-chain?
The Standard includes a set of stringent requirements regarding the use of downstream vendors handling Focus Materials that are designed to ensure down-stream facilities properly manage these materials down the Recycling Chain. These include measures that require downstream vendors to:

      1. Conform to the Recycler’s Focus Materials Management Plan (which specifies the use of certain management measures while prohibiting others);
      2. Adhere to a documented system to manage environmental, health and safety risks and legal requirements;
      3. Comply with all applicable environmental and health and safety legal requirements and maintain a list and copies of current environmental permits;
      4. Apply R2:2013 criteria for selecting downstream vendors to its own relevant downstream vendors in the Recycling Chain; and
      5. Conform to the Standard’s requirements for equipment reuse, tracking throughput to document the flow of Focus Materials down the Recycling Chain and related security provisions.

What is TC34/SC17?

TC34/SC17 is the name of the Technical Committee of the International Organization for Standardization (ISO), responsible for the Management Systems for food safety standards(ISO 22000).

What is SQF1000 & SQF 2000 Quality Food Program?

The SQF Program is comprised of two codes: SQF 1000 and SQF 2000. Both codes were designed recognizing that risk management can be applied to all products, but that all processes do not lend themselves to a complete HACCP (Hazard Analysis and Critical Control Point) system. Therefore, SQF 1000 is based on the principles of HACCP, whereas SQF 2000 is a complete HACCP system.

SQF 1000 – This code is for producers of primary food products, and enables them to meet product trace, regulatory, food safety and commercial quality criteria. In addition, it allows primary producers to demonstrate that they can supply food that is safe and meets the quality specified by a customer.

SQF 2000 – This code is for manufacturers, distributors and brokers of food and beverage products, and can be used by all sectors of the food industry.

Certified SQF 2000 suppliers receiving raw materials from suppliers, who have implemented the SQF 1000 code, can ensure that through these complementary systems, the product is traceable from the producer to the consumer.

During the development of SQF, hundreds of food standards were reviewed worldwide. SQF is aligned with HACCP, Codex Alimentarius, ISO 9001 and NACMCF (National Advisory Committee on Microbiological Criteria of Foods). All of the aforementioned standards are proven methods used by the food industry to reduce the incidence of unsafe food reaching consumers in the marketplace.

The certification and audit procedures, including auditor qualifications, are governed by a set of rules which are overseen by established international accreditation standards. Within each code are three levels of certification. Each level is designed to indicate the stage of development of the producer’s food safety and quality management system.

The design of the levels within each code, allows every supplier, from the smallest farmer to the largest manufacturer, to be eligible for SQF certification. SQF 2000 meets the criteria of the Global Food Safety Initiative (GFSI) by CIES – The Food Business Forum, a global organization including CEOs and senior management of around 400 retailers (operating close to 200,000 stores) and manufacturer members of all sizes.

What is HACCP?

HACCP, or the Hazard Analysis Critical Control Point system, is a process control system that identifies where hazards might occur in the food production process and puts into place stringent actions to take to prevent the hazards from occurring.

What is Codex Alimentarius?

The Codex Alimentarius (Latin for “Book of Food”) is a collection of internationally recognized standards, codes of practice, guidelines and other recommendations relating to foods, food production and food safety. Its texts are developed and maintained by the Codex Alimentarius Commission, a body that was established in early November 1961 by the Food and Agriculture Organization of the United Nations (FAO), was joined by the World Health Organization (WHO) in June 1962, whose main goals are to protect the health of consumers and ensure fair practices in the international food trade.

What is NACMCF?

The National Advisory Committee on Microbiological Criteria for Foods (NACMCF) is an advisory committee chartered under the U.S. Department of Agriculture (USDA) and comprised of participants from the USDA (Food Safety and Inspection Service), Department of Health and Human Services (U.S. Food and Drug Administration and the Centers for Disease Control and Prevention) the Department of Commerce (National Marine Fisheries Service), the Department of Defense (Office of the Army Surgeon General), academia, industry and state employees. NACMCF provides guidance and recommendations to the Secretary of Agriculture and the Secretary of Health and Human Services regarding the microbiological safety of foods.

ISMS, ISO 27000, ISO 27002, and ISO 17799 Demystified

What is an ISMS?

An Information Security Management System (ISMS) is a step by step approach to ensure that critical risks to information assets are systematically reduced to a level consistent with management’s objectives. In essence, it is a comprehensive process for managing information security.

What  Are ISO 27000, ISO 27002 and ISO 17799?

There is a lot of confusion on what the differences are between ISO 27000, ISO 27001, ISO 27002, & ISO 17799:

      • ISO 27000 is a “series” of inter-related standards on information security.
      • ISO 27001 is an international standard for the operation of an Information Security Management System (ISMS). It is a benchmark for Organizations to demonstrate independent, third-party validation (attestation) that they are managing information security risks in compliance with prevailing best practices.
      • ISO 27002 standard was originally published renaming the existing ISO 17799 standard, a code of practice for information security.  It defines 114 security good practices (i.e., controls) that are used in conjunction with ISO 27001 (or can be used separately). You cannot become “27002 certified,” rather you can be “27002 compliant.” Incorporating ISO 27002 controls is part of becoming ISO 27001 certified.
      • ISO 17779 was re-named to ISO 27002 in 2005 (the only change was the name to align it with the ISO 27000 family).

How Does a Company Prepare for ISO 270001 Certification?

Our roadmap simplifies the process of understanding ISO 27001 and the steps required to get you from where you are to certification. This downloadable ISO 27001 pdf will help you understand what an Information Security Management System is and show you, in concrete terms, that ISO 27001 is manageable. Becoming certified is a process largely made up of things you already know and the ISO 27001 Implementation Roadmap guides you, step by step, from preparation through certification.

What Are the ISO 27001 Cost Factors?

The cost of developing and certifying an ISO 27001 Information Security Management System (ISMS) depends upon four key factors:

      • ISMS scope,
      • ISMS Gap,
      • The Organization’s ability to close the gap,
      • Certification timeframe (how quickly you need to be certified)

These factors influence all three cost elements of an ISO 27001 certification effort:

      • Organizational resource costs (e.g., time),
      • Consulting costs (e.g., outside support needed to be ready for certification),
      • Certification audit cost (e.g., the cost for the registrar to conduct the audit and issue the certificate).


ISO/TS 16949 ISO/TS 16949:2009 for automotive Products

What is the International Automotive Task Force?

The IATF is an “ad hoc” group of automotive manufacturers and their respective trade associations, formed to provide improved quality products to automotive customers worldwide. Specifically, the purposes for which the IATF was established are:

  1. To develop a consensus regarding international fundamental quality system requirements, primarily for the participating companies’ direct suppliers of production materials, product or service parts or finishing services (e.g. heat treating, painting and plating). These requirements will also be available for other interested parties in the automotive industry.
  2. To develop policies and procedures for the common IATF third party registration scheme to ensure consistency worldwide.
  3. To provide appropriate training to support ISO/TS 16949 requirements and the IATF registration scheme.
  4. To establish formal liaisons with appropriate bodies to support IATF objectives.

IATF members include the following vehicle manufacturers: BMW Group, Chrysler Group, Daimler AG, Fiat Group Automobile, Ford Motor Company, General Motors Company), PSA Peugeot Citroen, Renault SA, Volkswagen AG and the vehicle manufacturers respective trade associations – AIAG (U.S.), ANFIA (Italy), FIEV (France), SMMT (U.K.) and VDA (Germany).

What is ISO/TS 16949:2009?

The ISO/TS 16949 was jointly developed by the IATF members and submitted to the International Organization for Standardization (ISO) for approval and publication. The document is a common automotive quality system requirements catalog based on ISO 9001:2008, and specific requirements from the automotive sector. This document, coupled with customer-specific requirements defines quality system requirements for use in the automotive supply chain.

Who Can or Should Obtain ISO/TS 16949:2009 Certification?

Any Organization in the Automotive Supply Chain can obtain Certification to ISO/TS 16949:2009. It’s applicable to sites of the organization where production and/or service parts specified by the customer are manufactured for Cars, Trucks (Light, Medium and Heavy), Buses, Motorcycles.


Questions and Guidelines for Selecting Your ISO 90001 Consultant

How much experience does the ISO 9001 Consultant have?

For nearly a quarter century Quality Resource Center has assisted small, medium sized, large, and very large clients. We have worked with literally thousands of clients in achieving their quality, environmental, and data security management systems goals. Our record of 100% first time success is unmatched in the industry.

Can the ISO 9001 Consultant offer a comprehensive and complete solution for your project?

QRC can execute in all areas of the project – the up-front work, implementation, training, maintenance, and liaising with the top registrars.

Is the ISO 9001 Consultant part of an actual consulting firm?

Silicon Valley based Quality Resource Center is conveniently located near 3 major International airports including San Francisco, San Jose, and Oakland California. Further, QRC is within 2 hours of Sacramento, California.

What additional value added services, like training, auditing, NCM, and/or CAPA can the ISO 9001 Consultant offer?

Quality Resource Center offers a large suite of services including Process & Interactions Mapping, SPC, MSA, FMEA, and Control Plans.

How well does the ISO 9001 Consultant understand your particular business?

Quality Resource Center has worked with thousands of clients over the years so there’s a really good chance we’ve worked with similar clients; that we know some of your customers and vendors. Our 100% success rate means we will establish and maintain a good chemistry and synergy.

What other standards can the ISO 9001 Consultant support?

This is important as your company grows and you begin moving into other market segments. Quality Resource Center offers superior expertise in the areas of ISO 9001 as well as ISO 13485 (Medical Devices), ISO 14001 (Environmental), AS9100C (Aerospace), ISO/TS 16949, (Automotive), and much more. QRC supports you today, and QRC will be there to support you tomorrow, next year, and beyond.

How well can the ISO 9001 Consultant deploy personnel on-site when needed and are their skills current?

Our consultants can work remotely, on-site, or through a webinar to meet your needs. We make ourselves accessible however you need us – Skype, email or through social media. All of our presentation materials are created with professional tools; are well produced with a solid technical basis and a No fluff approach.

What is the TOTAL cost to your firm, not just in terms of dollars spent, but also in the areas of time spent and time lost to other activities?

Our 100% success rate means getting things done right the first time which saves everyone time, money, and frustration.